A System-level Behavioral Detection Framework for Compromised CPS Devices: Smart-Grid Case
Cyber-Physical Systems (CPS) play a significant role in our critical infrastructure networks from power-distribution to utility networks. The emerging smart-grid concept is a compelling critical CPS infrastructure that relies on two-way communications between smart devices to increase efficiency, en...
Saved in:
Published in: | ACM transactions on cyber-physical systems 2020-04, Vol.4 (2), p.1-28 |
---|---|
Main authors: | Babun, Leonardo ; Aksu, Hidayet ; Uluagac, A. Selcuk |
Format: | Article |
Language: | eng |
Online access: | Full text |
container_end_page | 28 |
---|---|
container_issue | 2 |
container_start_page | 1 |
container_title | ACM transactions on cyber-physical systems |
container_volume | 4 |
creator | Babun, Leonardo ; Aksu, Hidayet ; Uluagac, A. Selcuk |
description | Cyber-Physical Systems (CPS) play a significant role in our critical infrastructure networks from power-distribution to utility networks. The emerging smart-grid concept is a compelling critical CPS infrastructure that relies on two-way communications between smart devices to increase efficiency, enhance reliability, and reduce costs. However, compromised devices in the smart grid pose several security challenges. Consequences of propagating fake data or stealing sensitive smart grid information via compromised devices are costly. Hence, early behavioral detection of compromised devices is critical for protecting the smart grid’s components and data. To address these concerns, in this article, we introduce a novel and configurable system-level framework to identify compromised smart grid devices. The framework combines system and function call tracing techniques with signal processing and statistical analysis to detect compromised devices based on their behavioral characteristics. We measure the efficacy of our framework with a realistic smart grid substation testbed that includes both resource-limited and resource-rich devices. In total, using our framework, we analyze six different types of compromised device scenarios with different resources and attack payloads. To the best of our knowledge, the proposed framework is the first in detecting compromised CPS smart grid devices with system and function-level call tracing techniques. The experimental results reveal an excellent rate for the detection of compromised devices. Specifically, performance metrics include accuracy values between 95% and 99% for the different attack scenarios. Finally, the performance analysis demonstrates that the use of the proposed framework has minimal overhead on the smart grid devices’ computing resources. |
doi_str_mv | 10.1145/3355300 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 2378-962X |
ispartof | ACM transactions on cyber-physical systems, 2020-04, Vol.4 (2), p.1-28 |
issn | 2378-962X 2378-9638 |
language | eng |
recordid | cdi_crossref_primary_10_1145_3355300 |
source | ACM Digital Library Complete |
title | A System-level Behavioral Detection Framework for Compromised CPS Devices: Smart-Grid Case |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-21T10%3A11%3A19IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20System-level%20Behavioral%20Detection%20Framework%20for%20Compromised%20CPS%20Devices:%20Smart-Grid%20Case&rft.jtitle=ACM%20transactions%20on%20cyber-physical%20systems&rft.au=Babun,%20Leonardo&rft.date=2020-04-30&rft.volume=4&rft.issue=2&rft.spage=1&rft.epage=28&rft.pages=1-28&rft.issn=2378-962X&rft.eissn=2378-9638&rft_id=info:doi/10.1145/3355300&rft_dat=%3Ccrossref%3E10_1145_3355300%3C/crossref%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |